Update undici dependency due to vulnerability #738

mm-jpoole · 2023-11-03T17:59:12Z

The version of undici in use (5.20.0) has a low-severity vulnerability CVE-2023-45143.

A brief summary of the vuln is that the cookie header is not cleared on cross-origin redirects. This can result in the leaking of cookies.

This is fixed in version 5.26.2 and above.

The text was updated successfully, but these errors were encountered:

Addresses low severity `npm audit` warning: GHSA-wqq4-5wpv-mx2g Fixes #607 Fixes #738

jpreynat · 2023-12-11T16:10:55Z

+1 on this one, a PR seems ready to be merged. Would be great if this can land in a release soon

Addresses low severity `npm audit` warning: GHSA-wqq4-5wpv-mx2g Fixes #607 Fixes #738

mrbbot mentioned this issue Nov 13, 2023

[Miniflare 2] Use scriptPath if available as the filePath of the script #736

Merged

mrbbot added a commit that referenced this issue Nov 13, 2023

Bump undici to 5.27.2

eb0e544

Addresses low severity `npm audit` warning: GHSA-wqq4-5wpv-mx2g Fixes #607 Fixes #738

mrbbot mentioned this issue Nov 13, 2023

[Miniflare 2] Bump undici to 5.28.2 #742

Merged

mrbbot added a commit that referenced this issue Jan 4, 2024

Bump undici to 5.28.2

127c2d1

Addresses low severity `npm audit` warning: GHSA-wqq4-5wpv-mx2g Fixes #607 Fixes #738

mrbbot closed this as completed in #742 Jan 4, 2024

mrbbot added a commit that referenced this issue Jan 4, 2024

Bump undici to 5.28.2 (#742)

bee57ff

Addresses low severity `npm audit` warning: GHSA-wqq4-5wpv-mx2g Fixes #607 Fixes #738

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update undici dependency due to vulnerability #738

Update undici dependency due to vulnerability #738

mm-jpoole commented Nov 3, 2023

jpreynat commented Dec 11, 2023

Update undici dependency due to vulnerability #738

Update undici dependency due to vulnerability #738

Comments

mm-jpoole commented Nov 3, 2023

jpreynat commented Dec 11, 2023